inspec-core 4.3.2 → 4.6.3

data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb

@@ -1,5 +1,5 @@
-# encoding: utf-8
-require_relative 'base'
+require_relative "base"
+require "inspec/dist"
 
 #
 # Notes:
@@ -73,39 +73,41 @@ require_relative 'base'
 module InspecPlugins
   module Artifact
     class CLI < Inspec.plugin(2, :cli_command)
-      subcommand_desc 'artifact SUBCOMMAND', 'Manage InSpec Artifacts'
+      include Inspec::Dist
 
-      desc 'generate', 'Generate a RSA key pair for signing and verification'
+      subcommand_desc "artifact SUBCOMMAND", "Manage #{PRODUCT_NAME} Artifacts"
+
+      desc "generate", "Generate a RSA key pair for signing and verification"
       option :keyname, type: :string, required: true,
-        desc: 'Desriptive name of key'
-      option :keydir, type: :string, default: './',
-        desc: 'Directory to search for keys'
+        desc: "Desriptive name of key"
+      option :keydir, type: :string, default: "./",
+        desc: "Directory to search for keys"
       def generate_keys
-        puts 'Generating keys'
+        puts "Generating keys"
         InspecPlugins::Artifact::Base.keygen(options)
       end
 
-      desc 'sign-profile', 'Create a signed .iaf artifact'
+      desc "sign-profile", "Create a signed .iaf artifact"
       option :profile, type: :string, required: true,
-        desc: 'Path to profile directory'
+        desc: "Path to profile directory"
       option :keyname, type: :string, required: true,
-        desc: 'Desriptive name of key'
+        desc: "Desriptive name of key"
       def sign_profile
         InspecPlugins::Artifact::Base.profile_sign(options)
       end
 
-      desc 'verify-profile', 'Verify a signed .iaf artifact'
+      desc "verify-profile", "Verify a signed .iaf artifact"
       option :infile, type: :string, required: true,
-          desc: '.iaf file to verify'
+          desc: ".iaf file to verify"
       def verify_profile
         InspecPlugins::Artifact::Base.profile_verify(options)
       end
 
-      desc 'install-profile', 'Verify and install a signed .iaf artifact'
+      desc "install-profile", "Verify and install a signed .iaf artifact"
       option :infile, type: :string, required: true,
-          desc: '.iaf file to install'
+          desc: ".iaf file to install"
       option :destdir, type: :string, required: true,
-        desc: 'Installation directory'
+        desc: "Installation directory"
       def install_profile
         InspecPlugins::Artifact::Base.profile_install(options)
       end

data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb

@@ -4,7 +4,7 @@ module InspecPlugins
       plugin_name :'inspec-compliance'
 
       cli_command :compliance do
-        require_relative 'inspec-compliance/cli'
+        require_relative "inspec-compliance/cli"
         InspecPlugins::Compliance::CLI
       end
     end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb

@@ -1,14 +1,13 @@
-# encoding: utf-8
+require "net/http"
+require "uri"
+require "json"
+require "inspec/dist"
 
-require 'net/http'
-require 'uri'
-require 'json'
-
-require_relative 'api/login'
-require_relative 'configuration'
-require_relative 'http'
-require_relative 'target'
-require_relative 'support'
+require_relative "api/login"
+require_relative "configuration"
+require_relative "http"
+require_relative "target"
+require_relative "support"
 
 module InspecPlugins
   module Compliance
@@ -17,13 +16,14 @@ module InspecPlugins
     # API Implementation does not hold any state by itself,
     # everything will be stored in local Configuration store
     class API
+      include Inspec::Dist
       extend InspecPlugins::Compliance::API::Login
 
       # return all compliance profiles available for the user
       # the user is either specified in the options hash or by default
       # the username of the account is used that is logged in
       def self.profiles(config, profile_filter = nil) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
-        owner = config['owner'] || config['user']
+        owner = config["owner"] || config["user"]
 
         # Chef Compliance
         if is_compliance_server?(config)
@@ -47,43 +47,43 @@ module InspecPlugins
 
         if is_automate2_server?(config)
           body = { owner: owner, name: id }.to_json
-          response = InspecPlugins::Compliance::HTTP.post_with_headers(url, headers, body, config['insecure'])
+          response = InspecPlugins::Compliance::HTTP.post_with_headers(url, headers, body, config["insecure"])
         else
-          response = InspecPlugins::Compliance::HTTP.get(url, headers, config['insecure'])
+          response = InspecPlugins::Compliance::HTTP.get(url, headers, config["insecure"])
         end
         data = response.body
         response_code = response.code
         case response_code
-        when '200'
-          msg = 'success'
+        when "200"
+          msg = "success"
           profiles = JSON.parse(data)
           # iterate over profiles
           if is_compliance_server?(config)
             mapped_profiles = []
-            profiles.values.each { |org|
+            profiles.values.each do |org|
               mapped_profiles += org.values
-            }
+            end
           # Chef Automate pre 0.8.0
           elsif is_automate_server_pre_080?(config)
             mapped_profiles = profiles.values.flatten
           elsif is_automate2_server?(config)
             mapped_profiles = []
-            profiles['profiles'].each { |p|
+            profiles["profiles"].each do |p|
               mapped_profiles << p
-            }
+            end
           else
-            mapped_profiles = profiles.map { |e|
-              e['owner_id'] = owner
+            mapped_profiles = profiles.map do |e|
+              e["owner_id"] = owner
               e
-            }
+            end
           end
           # filter by name and version if they were specified in profile_filter
           mapped_profiles.select! do |p|
-            (!ver || p['version'] == ver) && (!id || p['name'] == id)
+            (!ver || p["version"] == ver) && (!id || p["name"] == id)
           end
           return msg, mapped_profiles
-        when '401'
-          msg = '401 Unauthorized. Please check your token.'
+        when "401"
+          msg = "401 Unauthorized. Please check your token."
           return msg, []
         else
           msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
@@ -95,20 +95,20 @@ module InspecPlugins
       # NB this method does not use Compliance::Configuration to allow for using
       # it before we know the version (e.g. oidc or not)
       def self.version(config)
-        url = config['server']
-        insecure = config['insecure']
+        url = config["server"]
+        insecure = config["insecure"]
 
         raise ServerConfigurationMissing if url.nil?
 
         headers = get_headers(config)
-        response = InspecPlugins::Compliance::HTTP.get(url+'/version', headers, insecure)
-        return {} if response.code == '404'
+        response = InspecPlugins::Compliance::HTTP.get(url + "/version", headers, insecure)
+        return {} if response.code == "404"
 
         data = response.body
         return {} if data.nil? || data.empty?
 
         parsed = JSON.parse(data)
-        return {} unless parsed.key?('version') && !parsed['version'].empty?
+        return {} unless parsed.key?("version") && !parsed["version"].empty?
 
         parsed
       end
@@ -135,9 +135,9 @@ module InspecPlugins
 
         headers = get_headers(config)
         if is_automate2_server?(config)
-          res = InspecPlugins::Compliance::HTTP.post_multipart_file(url, headers, archive_path, config['insecure'])
+          res = InspecPlugins::Compliance::HTTP.post_multipart_file(url, headers, archive_path, config["insecure"])
         else
-          res = InspecPlugins::Compliance::HTTP.post_file(url, headers, archive_path, config['insecure'])
+          res = InspecPlugins::Compliance::HTTP.post_file(url, headers, archive_path, config["insecure"])
         end
 
         [res.is_a?(Net::HTTPSuccess), res.body]
@@ -151,11 +151,11 @@ module InspecPlugins
         access_token = nil
         response = InspecPlugins::Compliance::HTTP.send_request(uri, req, insecure)
         data = response.body
-        if response.code == '200'
+        if response.code == "200"
           begin
             tokendata = JSON.parse(data)
-            access_token = tokendata['access_token']
-            msg = 'Successfully fetched API access token'
+            access_token = tokendata["access_token"]
+            msg = "Successfully fetched API access token"
             success = true
           rescue JSON::ParserError => e
             success = false
@@ -178,9 +178,9 @@ module InspecPlugins
         access_token = nil
         response = InspecPlugins::Compliance::HTTP.send_request(uri, req, insecure)
         data = response.body
-        if response.code == '200'
+        if response.code == "200"
           access_token = data
-          msg = 'Successfully fetched an API access token valid for 12 hours'
+          msg = "Successfully fetched an API access token valid for 12 hours"
           success = true
         else
           success = false
@@ -194,22 +194,22 @@ module InspecPlugins
       def self.get_headers(config)
         token = get_token(config)
         if is_automate_server?(config) || is_automate2_server?(config)
-          headers = { 'chef-delivery-enterprise' => config['automate']['ent'] }
-          if config['automate']['token_type'] == 'dctoken'
-            headers['x-data-collector-token'] = token
+          headers = { "chef-delivery-enterprise" => config["automate"]["ent"] }
+          if config["automate"]["token_type"] == "dctoken"
+            headers["x-data-collector-token"] = token
           else
-            headers['chef-delivery-user'] = config['user']
-            headers['chef-delivery-token'] = token
+            headers["chef-delivery-user"] = config["user"]
+            headers["chef-delivery-token"] = token
           end
         else
-          headers = { 'Authorization' => "Bearer #{token}" }
+          headers = { "Authorization" => "Bearer #{token}" }
         end
         headers
       end
 
       def self.get_token(config)
-        return config['token'] unless config['refresh_token']
-        _success, _msg, token = get_token_via_refresh_token(config['server'], config['refresh_token'], config['insecure'])
+        return config["token"] unless config["refresh_token"]
+        _success, _msg, token = get_token_via_refresh_token(config["server"], config["refresh_token"], config["insecure"])
         token
       end
 
@@ -227,52 +227,52 @@ module InspecPlugins
       end
 
       def self.profile_split(profile)
-        owner, id = profile.split('/')
-        id, version = id.split('#')
+        owner, id = profile.split("/")
+        id, version = id.split("#")
         [owner, id, version]
       end
 
       # returns a parsed url for `admin/profile` or `compliance://admin/profile`
       def self.sanitize_profile_name(profile)
-        if URI(profile).scheme == 'compliance'
+        if URI(profile).scheme == "compliance"
           uri = URI(profile)
         else
           uri = URI("compliance://#{profile}")
         end
-        uri.to_s.sub(%r{^compliance:\/\/}, '')
+        uri.to_s.sub(%r{^compliance:\/\/}, "")
       end
 
       def self.is_compliance_server?(config)
-        config['server_type'] == 'compliance'
+        config["server_type"] == "compliance"
       end
 
       def self.is_automate_server_pre_080?(config)
         # Automate versions before 0.8.x do not have a valid version in the config
-        return false unless config['server_type'] == 'automate'
+        return false unless config["server_type"] == "automate"
         server_version_from_config(config).nil?
       end
 
       def self.is_automate_server_080_and_later?(config)
         # Automate versions 0.8.x and later will have a "version" key in the config
         # that is properly parsed out via server_version_from_config below
-        return false unless config['server_type'] == 'automate'
+        return false unless config["server_type"] == "automate"
         !server_version_from_config(config).nil?
       end
 
       def self.is_automate2_server?(config)
-        config['server_type'] == 'automate2'
+        config["server_type"] == "automate2"
       end
 
       def self.is_automate_server?(config)
-        config['server_type'] == 'automate'
+        config["server_type"] == "automate"
       end
 
       def self.server_version_from_config(config)
         # Automate versions 0.8.x and later will have a "version" key in the config
         # that looks like: "version":{"api":"compliance","version":"0.8.24"}
-        return nil unless config.key?('version')
-        return nil unless config['version'].is_a?(Hash)
-        config['version']['version']
+        return nil unless config.key?("version")
+        return nil unless config["version"].is_a?(Hash)
+        config["version"]["version"]
       end
 
       def self.determine_server_type(url, insecure)
@@ -283,18 +283,18 @@ module InspecPlugins
         elsif target_is_compliance_server?(url, insecure)
           :compliance
         else
-          Inspec::Log.debug('Could not determine server type using known endpoints')
+          Inspec::Log.debug("Could not determine server type using known endpoints")
           nil
         end
       end
 
       def self.target_is_automate2_server?(url, insecure)
-        automate_endpoint = '/dex/auth'
+        automate_endpoint = "/dex/auth"
         response = InspecPlugins::Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
-        if response.code == '400'
+        if response.code == "400"
           Inspec::Log.debug(
             "Received 400 from #{url}#{automate_endpoint} - " \
-            'assuming target is a Chef Automate2 instance',
+            "assuming target is a #{AUTOMATE_PRODUCT_NAME}2 instance"
           )
           true
         else
@@ -303,30 +303,30 @@ module InspecPlugins
       end
 
       def self.target_is_automate_server?(url, insecure)
-        automate_endpoint = '/compliance/version'
+        automate_endpoint = "/compliance/version"
         response = InspecPlugins::Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
         case response.code
-        when '401'
+        when "401"
           Inspec::Log.debug(
             "Received 401 from #{url}#{automate_endpoint} - " \
-            'assuming target is a Chef Automate instance',
+            "assuming target is a #{AUTOMATE_PRODUCT_NAME} instance"
           )
           true
-        when '200'
+        when "200"
           # Chef Automate currently returns 401 for `/compliance/version` but some
           # versions of OpsWorks Chef Automate return 200 and a Chef Manage page
           # when unauthenticated requests are received.
-          if response.body.include?('Are You Looking For the Chef Server?')
+          if response.body.include?("Are You Looking For the #{SERVER_PRODUCT_NAME}?")
             Inspec::Log.debug(
               "Received 200 from #{url}#{automate_endpoint} - " \
-              'assuming target is an OpsWorks Chef Automate instance',
+              "assuming target is an #{AUTOMATE_PRODUCT_NAME} instance"
             )
             true
           else
             Inspec::Log.debug(
               "Received 200 from #{url}#{automate_endpoint} " \
-              'but did not receive the Chef Manage page - ' \
-              'assuming target is not a Chef Automate instance',
+              "but did not receive the Chef Manage page - " \
+              "assuming target is not a #{AUTOMATE_PRODUCT_NAME} instance"
             )
             false
           end
@@ -334,7 +334,7 @@ module InspecPlugins
           Inspec::Log.debug(
             "Received unexpected status code #{response.code} " \
             "from #{url}#{automate_endpoint} - " \
-            'assuming target is not a Chef Automate instance',
+            "assuming target is not a #{AUTOMATE_PRODUCT_NAME} instance"
           )
           false
         end
@@ -342,14 +342,14 @@ module InspecPlugins
 
       def self.target_is_compliance_server?(url, insecure)
         # All versions of Chef Compliance return 200 for `/api/version`
-        compliance_endpoint = '/api/version'
+        compliance_endpoint = "/api/version"
 
         response = InspecPlugins::Compliance::HTTP.get(url + compliance_endpoint, nil, insecure)
-        return false unless response.code == '200'
+        return false unless response.code == "200"
 
         Inspec::Log.debug(
           "Received 200 from #{url}#{compliance_endpoint} - " \
-          'assuming target is a Compliance server',
+          "assuming target is a #{COMPLIANCE_PRODUCT_NAME} server"
         )
         true
       end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb

@@ -1,19 +1,21 @@
-# encoding: utf-8
+require "inspec/dist"
 
 module InspecPlugins
   module Compliance
     class API
       module Login
+        include Inspec::Dist
+
         class CannotDetermineServerType < StandardError; end
 
         def login(options)
-          raise ArgumentError, 'Please specify a server using `inspec compliance login https://SERVER`' unless options['server']
+          raise ArgumentError, "Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`" unless options["server"]
 
-          options['server'] = URI("https://#{options['server']}").to_s if URI(options['server']).scheme.nil?
+          options["server"] = URI("https://#{options['server']}").to_s if URI(options["server"]).scheme.nil?
 
-          options['server_type'] = InspecPlugins::Compliance::API.determine_server_type(options['server'], options['insecure'])
+          options["server_type"] = InspecPlugins::Compliance::API.determine_server_type(options["server"], options["insecure"])
 
-          case options['server_type']
+          case options["server_type"]
           when :automate2
             Login::Automate2Server.login(options)
           when :automate
@@ -21,7 +23,7 @@ module InspecPlugins
           when :compliance
             Login::ComplianceServer.login(options)
           else
-            raise CannotDetermineServerType, "Unable to determine if #{options['server']} is a Chef Automate or Chef Compliance server"
+            raise CannotDetermineServerType, "Unable to determine if #{options['server']} is a #{AUTOMATE_PRODUCT_NAME} or #{COMPLIANCE_PRODUCT_NAME} server"
           end
         end
 
@@ -29,8 +31,8 @@ module InspecPlugins
           def self.login(options)
             verify_thor_options(options)
 
-            options['url'] = options['server'] + '/api/v0'
-            token = options['dctoken'] || options['token']
+            options["url"] = options["server"] + "/api/v0"
+            token = options["dctoken"] || options["token"]
             store_access_token(options, token)
           end
 
@@ -38,16 +40,16 @@ module InspecPlugins
             config = InspecPlugins::Compliance::Configuration.new
             config.clean
 
-            config['automate'] = {}
-            config['automate']['ent'] = 'automate'
-            config['automate']['token_type'] = 'dctoken'
-            config['server'] = options['url']
-            config['user'] = options['user']
-            config['owner'] = options['user']
-            config['insecure'] = options['insecure'] || false
-            config['server_type'] = options['server_type'].to_s
-            config['token'] = token
-            config['version'] = '0'
+            config["automate"] = {}
+            config["automate"]["ent"] = "automate"
+            config["automate"]["token_type"] = "dctoken"
+            config["server"] = options["url"]
+            config["user"] = options["user"]
+            config["owner"] = options["user"]
+            config["insecure"] = options["insecure"] || false
+            config["server_type"] = options["server_type"].to_s
+            config["token"] = token
+            config["version"] = "0"
 
             config.store
             config
@@ -56,10 +58,10 @@ module InspecPlugins
           def self.verify_thor_options(o)
             error_msg = []
 
-            error_msg.push('Please specify a user using `--user=\'USER\'`') if o['user'].nil?
+            error_msg.push("Please specify a user using `--user='USER'`") if o["user"].nil?
 
-            if o['token'].nil? && o['dctoken'].nil?
-              error_msg.push('Please specify a token using `--token=\'APITOKEN\'`')
+            if o["token"].nil? && o["dctoken"].nil?
+              error_msg.push("Please specify a token using `--token='APITOKEN'`")
             end
 
             raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
@@ -70,31 +72,31 @@ module InspecPlugins
           def self.login(options)
             verify_thor_options(options)
 
-            options['url'] = options['server'] + '/compliance'
-            token = options['dctoken'] || options['token']
+            options["url"] = options["server"] + "/compliance"
+            token = options["dctoken"] || options["token"]
             store_access_token(options, token)
           end
 
           def self.store_access_token(options, token)
-            token_type = if options['token']
-                           'usertoken'
+            token_type = if options["token"]
+                           "usertoken"
                          else
-                           'dctoken'
+                           "dctoken"
                          end
 
             config = InspecPlugins::Compliance::Configuration.new
 
             config.clean
 
-            config['automate'] = {}
-            config['automate']['ent'] = options['ent']
-            config['automate']['token_type'] = token_type
-            config['server'] = options['url']
-            config['user'] = options['user']
-            config['insecure'] = options['insecure'] || false
-            config['server_type'] = options['server_type'].to_s
-            config['token'] = token
-            config['version'] = InspecPlugins::Compliance::API.version(config)
+            config["automate"] = {}
+            config["automate"]["ent"] = options["ent"]
+            config["automate"]["token_type"] = token_type
+            config["server"] = options["url"]
+            config["user"] = options["user"]
+            config["insecure"] = options["insecure"] || false
+            config["server_type"] = options["server_type"].to_s
+            config["token"] = token
+            config["version"] = InspecPlugins::Compliance::API.version(config)
 
             config.store
             config
@@ -104,11 +106,11 @@ module InspecPlugins
           def self.verify_thor_options(o)
             error_msg = []
 
-            error_msg.push('Please specify a user using `--user=\'USER\'`') if o['user'].nil?
-            error_msg.push('Please specify an enterprise using `--ent=\'automate\'`') if o['ent'].nil?
+            error_msg.push("Please specify a user using `--user='USER'`") if o["user"].nil?
+            error_msg.push("Please specify an enterprise using `--ent='automate'`") if o["ent"].nil?
 
-            if o['token'].nil? && o['dctoken'].nil?
-              error_msg.push('Please specify a token using `--token=\'AUTOMATE_TOKEN\'` or `--dctoken=\'DATA_COLLECTOR_TOKEN\'`')
+            if o["token"].nil? && o["dctoken"].nil?
+              error_msg.push("Please specify a token using `--token='AUTOMATE_TOKEN'` or `--dctoken='DATA_COLLECTOR_TOKEN'`")
             end
 
             raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
@@ -116,26 +118,28 @@ module InspecPlugins
         end
 
         module ComplianceServer
+          include Inspec::Dist
+
           def self.login(options)
             compliance_verify_thor_options(options)
 
-            options['url'] = options['server'] + '/api'
+            options["url"] = options["server"] + "/api"
 
-            if options['user'] && options['token']
-              compliance_store_access_token(options, options['token'])
-            elsif options['user'] && options['password']
+            if options["user"] && options["token"]
+              compliance_store_access_token(options, options["token"])
+            elsif options["user"] && options["password"]
               compliance_login_user_pass(options)
-            elsif options['refresh_token']
+            elsif options["refresh_token"]
               compliance_login_refresh_token(options)
             end
           end
 
           def self.compliance_login_user_pass(options)
             success, msg, token = InspecPlugins::Compliance::API.get_token_via_password(
-              options['url'],
-              options['user'],
-              options['password'],
-              options['insecure'],
+              options["url"],
+              options["user"],
+              options["password"],
+              options["insecure"]
             )
 
             raise msg unless success
@@ -144,9 +148,9 @@ module InspecPlugins
 
           def self.compliance_login_refresh_token(options)
             success, msg, token = InspecPlugins::Compliance::API.get_token_via_refresh_token(
-              options['url'],
-              options['refresh_token'],
-              options['insecure'],
+              options["url"],
+              options["refresh_token"],
+              options["insecure"]
             )
 
             raise msg unless success
@@ -157,12 +161,12 @@ module InspecPlugins
             config = InspecPlugins::Compliance::Configuration.new
             config.clean
 
-            config['user'] = options['user'] if options['user']
-            config['server'] = options['url']
-            config['insecure'] = options['insecure'] || false
-            config['server_type'] = options['server_type'].to_s
-            config['token'] = token
-            config['version'] = InspecPlugins::Compliance::API.version(config)
+            config["user"] = options["user"] if options["user"]
+            config["server"] = options["url"]
+            config["insecure"] = options["insecure"] || false
+            config["server_type"] = options["server_type"].to_s
+            config["token"] = token
+            config["version"] = InspecPlugins::Compliance::API.version(config)
 
             config.store
             config
@@ -173,14 +177,14 @@ module InspecPlugins
           def self.compliance_verify_thor_options(o)
             error_msg = []
 
-            error_msg.push('Please specify a server using `inspec compliance login https://SERVER`') if o['server'].nil?
+            error_msg.push("Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`") if o["server"].nil?
 
-            if o['user'].nil? && o['refresh_token'].nil?
-              error_msg.push('Please specify a `--user=\'USER\'` or a `--refresh-token=\'TOKEN\'`')
+            if o["user"].nil? && o["refresh_token"].nil?
+              error_msg.push("Please specify a `--user='USER'` or a `--refresh-token='TOKEN'`")
             end
 
-            if o['user'] && o['password'].nil? && o['token'].nil? && o['refresh_token'].nil?
-              error_msg.push('Please specify either a `--password`, `--token`, or `--refresh-token`')
+            if o["user"] && o["password"].nil? && o["token"].nil? && o["refresh_token"].nil?
+              error_msg.push("Please specify either a `--password`, `--token`, or `--refresh-token`")
             end
 
             raise ArgumentError, error_msg.join("\n") unless error_msg.empty?